biometrics around the world

Regulating Security Gives a Leg Up to Realistic Authentication

As September 2019 draws near, various PSPs are making their
moves towards full compliance with PSD2's regulatory technical standards
regarding security and functionality. This comes on the heels of the
implementation of another regulation, GDPR, whose online privacy rules also
made upheavals in the financial sector. And just like with GDPR, PSD2's impact
and consequences are yet to be seen.

PSD2
Boosts Biometrics

Among other things, PSD2's
security requirements have led to a rise in the use of biometric technology.
Many companies are making efforts to incorporate the technology into their
services.

Mastercard is testing its fingerprint-scanning chip cards in
South Africa and hopes to do the same in the UK. In the US, CaliBurger is
testing a system that links customer faces to loyalty cards, while Fujitsu is
developing payment terminals with palm and finger scanners.

This development is part of
the Strong Customer Authentication initiative, which requires several different
factors to allow a transaction to take place. One such factor is biometric
data, such as retinal scans or fingerprints, which is then combined with PINs
or passwords and device IDs to confirm customer identity.

Corporate
to Implement Biometrics?

Biometrics are making inroads into corporate payments as
well. A senior manager for Hitachi Europe, Elias Thomaidis, stated in 2018 that
as the deadline for PSD2 implementation approaches, corporate PSPs are being
encouraged to consider implementing biometrics as part of their own security
measures, as well as their customers. But a point to consider in all of this is also the potential
conflict between GDPR and PSD2.

While GDPR requires customer data remain
private and secure, PSD2's aim of open banking requires banks to share customer
data with their consent, since sharing and analyzing data is at the regulation's
core. What will happen once both regulations are in full force simultaneously?
Only time will tell.

Biometrics Not Legal Everywhere?

An interesting development regarding biometrics is taking place in Slovenia. The Slovenian Personal Data Protection Act (ZVOP-1) permits processing of biometric data only for company employees subject to prior written approval of the national Information Commissioner. Many companies have cited this as a reason for giving up on fingerprint authentication and biometrics in general.

However, experts are pointing out that this is in fact not so. Rather, the abandonment of biometrics for commercial use in Slovenia seems to be the perfect storm of the law that is not keeping up with the technical and security development on the one hand.

On the other hand, it is giving rise to Slovenian banks being reluctant to adopt biometrics in the first place due to unclear technical specifications behind the technology and its implementation, coupled with uncertainty of eventual updates to the Personal Data Protection Act with respect to widespread use of biometrics.

E-commerce

The EU's Digital Single Market strategy aims to make
e-commerce as easy and safe as possible for the European consumer. It stoppedgeoblocking, a practice where online retailers discriminated against customers
on the basis of their place of residence and refused to ship to them or even
accept payments from certain locations.

Rules are now in place that ensure all
EU customers are treated equally. The strategy also guarantees full price transparency for
cross-border parcel deliveries, which allows for increased competition within
the delivery service sector and provides customers with more delivery options.

What
the Future Holds

A new VAT for online sales is coming in 2021 and before that, new rules for online consumer protection will be in place in 2020. These will enable the removal of sites or social media accounts involved in scams and make tracing rogue online traders easier by requesting information from ISPs and banks.

Your browser does not support the video.

Certainly, there will be both plenty of room for biometrics
in all these sectors in the near future, like verification of every fifth transaction
on a card with a fingerprint from a previously authorized device. And plenty of
need, as well.

As the payments industry grows and becomes more diverse, it
makes sense to invest in and make use of the uniqueness biometrics inherently
bring to customer authentication.